networkd: introduce ipip tunnel

This patch enables basic ipip tunnel support.
It works with kernel module ipip

example conf:

file: ipip.netdev

[NetDev]
Name=ipip-tun
Kind=ipip
MTUBytes=1480

[Tunnel]
Local=192.168.223.238
Remote=192.169.224.239
TTL=64

file: ipip.network

[Match]
Name=em1

[Network]
Tunnel=ipip-tun

[tomegun:
         - drop unused variable
         - take ref when enslaving]

diff --git a/Makefile.am b/Makefile.am
index 637f5e15c5225fc6411eba3c723987667aca0d80..c54d35760daeec0ec00abacf0dc6a76c7c48c833 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -4171,7 +4171,8 @@ systemd_networkd_SOURCES = \
        src/network/networkd.c
 
 systemd_networkd_LDADD = \
-       libsystemd-networkd-core.la
+       libsystemd-networkd-core.la \
+       -lkmod
 
 noinst_LTLIBRARIES += \
        libsystemd-networkd-core.la
@@ -4181,6 +4182,7 @@ libsystemd_networkd_core_la_SOURCES = \
        src/network/networkd.h \
        src/network/networkd-link.c \
        src/network/networkd-netdev.c \
+       src/network/networkd-tunnel.c \
        src/network/networkd-network.c \
        src/network/networkd-address.c \
        src/network/networkd-route.c \
@@ -4217,13 +4219,15 @@ systemd_networkd_wait_online_LDADD = \
        libsystemd-network.la \
        libudev-internal.la \
        libsystemd-internal.la \
-       libsystemd-shared.la
+       libsystemd-shared.la \
+       libsystemd-network.la
 
 test_network_SOURCES = \
        src/network/test-network.c
 
 test_network_LDADD = \
-       libsystemd-networkd-core.la
+       libsystemd-networkd-core.la \
+       -lkmod
 
 tests += \
        test-network

diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 52e614c4eab38dbc80b1160275b8d373643c9146..cf577e54a4ee9b72de6ba1408881a6d9396fd70d 100644 (file)
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -326,3 +326,36 @@ int net_parse_inaddr(const char *address, unsigned char *family, void *dst) {
 
         return 0;
 }
+
+int load_module(struct kmod_ctx *ctx, const char *mod_name) {
+        struct kmod_list *modlist = NULL, *l;
+        int r;
+
+        assert(ctx);
+        assert(mod_name);
+
+        r = kmod_module_new_from_lookup(ctx, mod_name, &modlist);
+        if (r < 0)
+                return r;
+
+        if (!modlist) {
+                log_error("Failed to find module '%s'", mod_name);
+                return -ENOENT;
+        }
+
+        kmod_list_foreach(l, modlist) {
+                struct kmod_module *mod = kmod_module_get_module(l);
+
+                r = kmod_module_probe_insert_module(mod, 0, NULL, NULL, NULL, NULL);
+                if (r == 0)
+                        log_info("Inserted module '%s'", kmod_module_get_name(mod));
+                else {
+                        log_error("Failed to insert '%s': %s", kmod_module_get_name(mod),
+                                  strerror(-r));
+                }
+        }
+
+        kmod_module_unref_list(modlist);
+
+        return r;
+}

diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 836472a776fd0a09b783c6de5227969a482af596..1c77d332741c4e65e95ca522fc7222f8cae6e128 100644 (file)
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -24,6 +24,7 @@
 #include <netinet/ether.h>
 #include <netinet/in.h>
 #include <stdbool.h>
+#include <libkmod.h>
 
 #include "udev.h"
 #include "condition-util.h"
@@ -65,3 +66,5 @@ int config_parse_ifalias(const char *unit, const char *filename, unsigned line,
 int net_parse_inaddr(const char *address, unsigned char *family, void *dst);
 
 int net_get_unique_predictable_data(struct udev_device *device, uint8_t result[8]);
+
+int load_module(struct kmod_ctx *ctx, const char *mod_name);

diff --git a/src/libsystemd/sd-rtnl/rtnl-types.c b/src/libsystemd/sd-rtnl/rtnl-types.c
index 44ac5ec38906329d8c4ba8e7b6af3f1845d699d0..96467a32a62f1c9daa3598112f48b2c2e041ca44 100644 (file)
--- a/src/libsystemd/sd-rtnl/rtnl-types.c
+++ b/src/libsystemd/sd-rtnl/rtnl-types.c
@@ -104,8 +104,8 @@ static const NLType rtnl_link_info_data_bond_types[IFLA_BOND_MAX + 1] = {
 
 static const NLType rtnl_link_info_data_iptun_types[IFLA_IPTUN_MAX + 1] = {
         [IFLA_IPTUN_LINK]                = { .type = NLA_U32 },
-        [IFLA_IPTUN_LOCAL]               = { .type = NLA_U32 },
-        [IFLA_IPTUN_REMOTE]              = { .type = NLA_U32 },
+        [IFLA_IPTUN_LOCAL]               = { .type = NLA_IN_ADDR },
+        [IFLA_IPTUN_REMOTE]              = { .type = NLA_IN_ADDR },
         [IFLA_IPTUN_TTL]                 = { .type = NLA_U8 },
         [IFLA_IPTUN_TOS]                 = { .type = NLA_U8 },
         [IFLA_IPTUN_PMTUDISC]            = { .type = NLA_U8 },

diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index d07cc30951271570818c9ed6b4055b73df85f90a..77c505fc784f3f6d3276f9103e994b4de6012b5d 100644 (file)
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1466,7 +1466,9 @@ static int link_enter_enslave(Link *link) {
 
         link_save(link);
 
-        if (!link->network->bridge && !link->network->bond &&
+        if (!link->network->bridge &&
+            !link->network->bond &&
+            !link->network->tunnel &&
             hashmap_isempty(link->network->vlans) &&
             hashmap_isempty(link->network->macvlans))
                 return link_enslaved(link);
@@ -1515,6 +1517,28 @@ static int link_enter_enslave(Link *link) {
                 link->enslaving ++;
         }
 
+        if (link->network->tunnel) {
+                log_struct_link(LOG_DEBUG, link,
+                                "MESSAGE=%s: enslaving by '%s'",
+                                link->ifname, link->network->tunnel->name,
+                                NETDEV(link->network->tunnel),
+                                NULL);
+
+                r = netdev_enslave(link->network->tunnel, link, &enslave_handler);
+                if (r < 0) {
+                        log_struct_link(LOG_WARNING, link,
+                                        "MESSAGE=%s: could not enslave by '%s': %s",
+                                        link->ifname, link->network->tunnel->name, strerror(-r),
+                                        NETDEV(link->network->tunnel),
+                                        NULL);
+                        link_enter_failed(link);
+                        return r;
+                }
+
+                link_ref(link);
+                link->enslaving ++;
+        }
+
         HASHMAP_FOREACH(vlan, link->network->vlans, i) {
                 log_struct_link(LOG_DEBUG, link,
                                 "MESSAGE=%s: enslaving by '%s'",

diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index 8bdc60f19c980dd940a3820a9ece37f6757d1ba4..cfa3a9900a61a095e3616a8b013e51870cd47ddc 100644 (file)
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -21,6 +21,7 @@
 
 #include <resolv.h>
 #include <linux/if.h>
+#include <libkmod.h>
 
 #include "path-util.h"
 #include "networkd.h"
@@ -551,3 +552,18 @@ finish:
 
         return r;
 }
+
+int manager_init_kmod_ctx(Manager *m) {
+        struct kmod_ctx *ctx;
+
+        assert(m);
+
+        ctx = kmod_new(NULL, NULL);
+        if (!ctx) {
+                return -ENOMEM;
+        }
+
+        m->kmod_ctx = ctx;
+
+        return 0;
+}

diff --git a/src/network/networkd-netdev-gperf.gperf b/src/network/networkd-netdev-gperf.gperf
index ea7ba5734b8a71fbccf839fe3f411563ad00d1a0..7e6b8853d5757038d556d29639bc61bf59e309aa 100644 (file)
--- a/src/network/networkd-netdev-gperf.gperf
+++ b/src/network/networkd-netdev-gperf.gperf
@@ -22,5 +22,10 @@ Match.Architecture,      config_parse_net_condition,         CONDITION_ARCHITECT
 NetDev.Description,      config_parse_string,                0,                             offsetof(NetDev, description)
 NetDev.Name,             config_parse_ifname,                0,                             offsetof(NetDev, name)
 NetDev.Kind,             config_parse_netdev_kind,           0,                             offsetof(NetDev, kind)
+NetDev.MTUBytes,         config_parse_iec_size,              0,                             offsetof(NetDev, mtu)
 VLAN.Id,                 config_parse_uint64,                0,                             offsetof(NetDev, vlanid)
 MACVLAN.Mode,            config_parse_macvlan_mode,          0,                             offsetof(NetDev, macvlan_mode)
+Tunnel.Local,            config_parse_tunnel_address,        0,                             offsetof(NetDev, tunnel_local)
+Tunnel.Remote,           config_parse_tunnel_address,        0,                             offsetof(NetDev, tunnel_remote)
+Tunnel.TOS,              config_parse_unsigned,              0,                             offsetof(NetDev, tunnel_tos)
+Tunnel.TTL,              config_parse_unsigned,              0,                             offsetof(NetDev, tunnel_ttl)

diff --git a/src/network/networkd-netdev.c b/src/network/networkd-netdev.c
index f742e391ce5b3cd1e790b62eb945b2292f296726..62e1a3e26d9438ee2e96fda61ab7e59fd976d937 100644 (file)
--- a/src/network/networkd-netdev.c
+++ b/src/network/networkd-netdev.c
@@ -33,6 +33,9 @@ static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
         [NETDEV_KIND_BOND] = "bond",
         [NETDEV_KIND_VLAN] = "vlan",
         [NETDEV_KIND_MACVLAN] = "macvlan",
+        [NETDEV_KIND_IPIP] = "ipip",
+        [NETDEV_KIND_GRE] = "gre",
+        [NETDEV_KIND_SIT] = "sit",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(netdev_kind, NetDevKind);
@@ -228,6 +231,34 @@ static int netdev_create_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userda
         return 1;
 }
 
+int config_parse_tunnel_address(const char *unit,
+                                const char *filename,
+                                unsigned line,
+                                const char *section,
+                                unsigned section_line,
+                                const char *lvalue,
+                                int ltype,
+                                const char *rvalue,
+                                void *data,
+                                void *userdata) {
+        NetDev *n = data;
+        unsigned char family = AF_INET;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = net_parse_inaddr(rvalue, &family, n);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+                           "Tunnel address is invalid, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+       return 0;
+}
+
 static int netdev_create(NetDev *netdev, Link *link, sd_rtnl_message_handler_t callback) {
         _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL;
         const char *kind;
@@ -266,6 +297,16 @@ static int netdev_create(NetDev *netdev, Link *link, sd_rtnl_message_handler_t c
                 return r;
         }
 
+        if(netdev->mtu) {
+                r = sd_rtnl_message_append_u32(req, IFLA_MTU, netdev->mtu);
+                if (r < 0) {
+                        log_error_netdev(netdev,
+                                         "Could not append IFLA_MTU attribute: %s",
+                                         strerror(-r));
+                        return r;
+                }
+        }
+
         r = sd_rtnl_message_open_container(req, IFLA_LINKINFO);
         if (r < 0) {
                 log_error_netdev(netdev,
@@ -347,6 +388,11 @@ int netdev_enslave(NetDev *netdev, Link *link, sd_rtnl_message_handler_t callbac
         if (netdev->kind == NETDEV_KIND_VLAN || netdev->kind == NETDEV_KIND_MACVLAN)
                 return netdev_create(netdev, link, callback);
 
+        if(netdev->kind == NETDEV_KIND_IPIP ||
+           netdev->kind == NETDEV_KIND_GRE ||
+           netdev->kind ==  NETDEV_KIND_SIT)
+                return netdev_create_tunnel(link, netdev_create_handler);
+
         if (netdev->state == NETDEV_STATE_READY) {
                 r = netdev_enslave_ready(netdev, link, callback);
                 if (r < 0)
@@ -496,7 +542,7 @@ static int netdev_load_one(Manager *manager, const char *filename) {
         netdev->macvlan_mode = _NETDEV_MACVLAN_MODE_INVALID;
         netdev->vlanid = VLANID_MAX + 1;
 
-        r = config_parse(NULL, filename, file, "Match\0NetDev\0VLAN\0MACVLAN\0",
+        r = config_parse(NULL, filename, file, "Match\0NetDev\0VLAN\0MACVLAN\0Tunnel\0",
                          config_item_perf_lookup, (void*) network_netdev_gperf_lookup,
                          false, false, netdev);
         if (r < 0) {
@@ -549,7 +595,10 @@ static int netdev_load_one(Manager *manager, const char *filename) {
         LIST_HEAD_INIT(netdev->callbacks);
 
         if (netdev->kind != NETDEV_KIND_VLAN &&
-            netdev->kind != NETDEV_KIND_MACVLAN) {
+            netdev->kind != NETDEV_KIND_MACVLAN &&
+            netdev->kind != NETDEV_KIND_IPIP &&
+            netdev->kind != NETDEV_KIND_GRE &&
+            netdev->kind != NETDEV_KIND_SIT) {
                 r = netdev_create(netdev, NULL, NULL);
                 if (r < 0)
                         return r;

diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index bfe44e00416038b97572e3db6c1edcc01fd4accd..4bb84259cdec121a526ea6444af646931084bbe3 100644 (file)
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -34,6 +34,7 @@ Network.IPv4LL,              config_parse_bool,                  0,
 Network.Address,             config_parse_address,               0,                             0
 Network.Gateway,             config_parse_gateway,               0,                             0
 Network.DNS,                 config_parse_dns,                   0,                             offsetof(Network, dns)
+Network.Tunnel,              config_parse_tunnel,                0,                             offsetof(Network, tunnel)
 Address.Address,             config_parse_address,               0,                             0
 Address.Broadcast,           config_parse_broadcast,             0,                             0
 Address.Label,               config_parse_label,                 0,                             0

diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 5d7ce1ced2ffe2abd4b5f4b59b302779f68ade71..d6b06e8a97034f3c1cf8ae7667d03e38bc68f5f3 100644 (file)
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -331,3 +331,42 @@ int config_parse_netdev(const char *unit,
 
         return 0;
 }
+
+int config_parse_tunnel(const char *unit,
+                        const char *filename,
+                        unsigned line,
+                        const char *section,
+                        unsigned section_line,
+                        const char *lvalue,
+                        int ltype,
+                        const char *rvalue,
+                        void *data,
+                        void *userdata) {
+        Network *network = userdata;
+        NetDev *netdev;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = netdev_get(network->manager, rvalue, &netdev);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+                           "Tunnel is invalid, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+
+        if (netdev->kind != NETDEV_KIND_IPIP &&
+            netdev->kind != NETDEV_KIND_SIT &&
+            netdev->kind != NETDEV_KIND_GRE) {
+                log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+                           "NetDev is not a tunnel, ignoring assignment: %s", rvalue);
+                return 0;
+        }
+
+        network->tunnel = netdev;
+
+        return 0;
+}

diff --git a/src/network/networkd-tunnel.c b/src/network/networkd-tunnel.c
new file mode 100644 (file)
index 0000000..49a4975
--- /dev/null
+++ b/src/network/networkd-tunnel.c
@@ -0,0 +1,192 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+    This file is part of systemd.
+
+    Copyright 2014 Susant Sahani <susant@redhat.com>
+
+    systemd is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    systemd is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <netinet/ether.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <linux/ip.h>
+#include <linux/if_tunnel.h>
+#include <libkmod.h>
+
+#include "sd-rtnl.h"
+#include "networkd.h"
+#include "network-internal.h"
+#include "util.h"
+
+
+static int netdev_fill_ipip_rtnl_message(Link *link, sd_rtnl_message *m) {
+        NetDev *netdev;
+        int r;
+
+        assert(link);
+        assert(link->network);
+        assert(link->network->tunnel);
+        assert(m);
+
+        netdev = link->network->tunnel;
+
+        r = sd_rtnl_message_append_string(m, IFLA_IFNAME, netdev->name);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_IFNAME, attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        if(netdev->mtu) {
+                r = sd_rtnl_message_append_u32(m, IFLA_MTU, netdev->mtu);
+                if (r < 0) {
+                        log_error_netdev(netdev,
+                                         "Could not append IFLA_MTU attribute: %s",
+                                         strerror(-r));
+                        return r;
+                }
+        }
+
+        r = sd_rtnl_message_open_container(m, IFLA_LINKINFO);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_LINKINFO attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_open_container_union(m, IFLA_INFO_DATA,
+                                                 netdev_kind_to_string(netdev->kind));
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_INFO_DATA attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_IPTUN_LINK attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &netdev->tunnel_local);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_IPTUN_LOCAL attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &netdev->tunnel_remote);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_IPTUN_REMOTE attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_close_container(m);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_INFO_DATA attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        r = sd_rtnl_message_close_container(m);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not append IFLA_LINKINFO attribute: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        return r;
+}
+
+int netdev_create_tunnel(Link *link, sd_rtnl_message_handler_t callback) {
+        _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
+        NetDev *netdev;
+        int r;
+
+        assert(link);
+        assert(link->network);
+        assert(link->network->tunnel);
+
+        netdev = link->network->tunnel;
+
+        assert(netdev);
+        assert(netdev->name);
+        assert(netdev->manager);
+        assert(netdev->manager->rtnl);
+        assert(netdev->manager->kmod_ctx);
+
+        /* Load kernel module first */
+        switch(netdev->kind) {
+        case NETDEV_KIND_IPIP:
+        case NETDEV_KIND_GRE:
+        case NETDEV_KIND_SIT:
+                r = load_module(netdev->manager->kmod_ctx,
+                                netdev_kind_to_string(netdev->kind));
+                if (r < 0) {
+                        log_error_netdev(netdev,
+                                         "Could not load Kernel module: %s . Ignoring",
+                                         netdev_kind_to_string(netdev->kind));
+                        return r;
+                }
+                break;
+        default:
+                return -ENOTSUP;
+        }
+
+        r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not allocate RTM_NEWLINK message: %s",
+                                 strerror(-r));
+                return r;
+        }
+
+        switch(netdev->kind) {
+        case NETDEV_KIND_IPIP:
+                r = netdev_fill_ipip_rtnl_message(link, m);
+                if(r < 0)
+                        return r;
+                break;
+        case NETDEV_KIND_GRE:
+        case NETDEV_KIND_SIT:
+        default:
+                return -ENOTSUP;
+        }
+
+        r = sd_rtnl_call_async(netdev->manager->rtnl, m, callback, netdev, 0, NULL);
+        if (r < 0) {
+                log_error_netdev(netdev,
+                                 "Could not send rtnetlink message: %s", strerror(-r));
+                return r;
+        }
+
+        log_debug_netdev(netdev, "Creating tunnel netdev: %s",
+                         netdev_kind_to_string(netdev->kind));
+
+        netdev->state = NETDEV_STATE_CREATING;
+
+        return 0;
+}

diff --git a/src/network/networkd.c b/src/network/networkd.c
index 6b3bf12a4cf3e32299d4dcb52dab159b204cd97f..39e1b2af02d4304c7bd915e715d84583b209b4f1 100644 (file)
--- a/src/network/networkd.c
+++ b/src/network/networkd.c
@@ -87,6 +87,12 @@ int main(int argc, char *argv[]) {
                 goto out;
         }
 
+        r = manager_init_kmod_ctx(m);
+        if (r < 0) {
+                log_error("Could not init kmod context: %s", strerror(-r));
+                goto out;
+        }
+
         r = manager_rtnl_enumerate_links(m);
         if (r < 0) {
                 log_error("Could not enumerate links: %s", strerror(-r));

diff --git a/src/network/networkd.h b/src/network/networkd.h
index ec2e111a7b1b6cdafd9c04cd6a94f7013667b19c..e32cf5d9b29f0a0228419d47bf59590d9e145264 100644 (file)
--- a/src/network/networkd.h
+++ b/src/network/networkd.h
@@ -68,6 +68,9 @@ typedef enum NetDevKind {
         NETDEV_KIND_BOND,
         NETDEV_KIND_VLAN,
         NETDEV_KIND_MACVLAN,
+        NETDEV_KIND_IPIP,
+        NETDEV_KIND_GRE,
+        NETDEV_KIND_SIT,
         _NETDEV_KIND_MAX,
         _NETDEV_KIND_INVALID = -1
 } NetDevKind;
@@ -95,6 +98,7 @@ struct NetDev {
 
         char *description;
         char *name;
+        size_t mtu;
         NetDevKind kind;
 
         uint64_t vlanid;
@@ -103,6 +107,11 @@ struct NetDev {
         int ifindex;
         NetDevState state;
 
+        unsigned tunnel_ttl;
+        unsigned tunnel_tos;
+        struct in_addr tunnel_local;
+        struct in_addr tunnel_remote;
+
         LIST_HEAD(netdev_enslave_callback, callbacks);
 };
 
@@ -124,6 +133,7 @@ struct Network {
         char *description;
         NetDev *bridge;
         NetDev *bond;
+        NetDev *tunnel;
         Hashmap *vlans;
         Hashmap *macvlans;
         bool dhcp;
@@ -246,6 +256,7 @@ struct Manager {
         LIST_HEAD(Network, networks);
 
         usec_t network_dirs_ts_usec;
+        struct kmod_ctx *kmod_ctx;
 };
 
 extern const char* const network_dirs[];
@@ -266,6 +277,7 @@ int manager_bus_listen(Manager *m);
 
 int manager_update_resolv_conf(Manager *m);
 int manager_save(Manager *m);
+int manager_init_kmod_ctx(Manager *m);
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
 #define _cleanup_manager_free_ _cleanup_(manager_freep)
@@ -284,6 +296,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(NetDev*, netdev_unref);
 int netdev_get(Manager *manager, const char *name, NetDev **ret);
 int netdev_set_ifindex(NetDev *netdev, sd_rtnl_message *newlink);
 int netdev_enslave(NetDev *netdev, Link *link, sd_rtnl_message_handler_t cb);
+int netdev_create_tunnel(Link *link, sd_rtnl_message_handler_t callback);
 
 const char *netdev_kind_to_string(NetDevKind d) _const_;
 NetDevKind netdev_kind_from_string(const char *d) _pure_;
@@ -316,6 +329,28 @@ int config_parse_netdev(const char *unit, const char *filename, unsigned line,
                         const char *section, unsigned section_line, const char *lvalue,
                         int ltype, const char *rvalue, void *data, void *userdata);
 
+int config_parse_tunnel(const char *unit,
+                        const char *filename,
+                        unsigned line,
+                        const char *section,
+                        unsigned section_line,
+                        const char *lvalue,
+                        int ltype,
+                        const char *rvalue,
+                        void *data,
+                        void *userdata);
+
+int config_parse_tunnel_address(const char *unit,
+                                const char *filename,
+                                unsigned line,
+                                const char *section,
+                                unsigned section_line,
+                                const char *lvalue,
+                                int ltype,
+                                const char *rvalue,
+                                void *data,
+                                void *userdata);
+
 /* gperf */
 const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, unsigned length);